Esempio n. 1
0
 def testIpMaskToInts(self):
     """Test IpMaskToInts()."""
     mask_str = '1.2.3.4/8'
     ip_mask_ints_expected = (
         self._socket_ip2int('1.2.3.4'),
         self._socket_ip2int('255.0.0.0'),
     )
     self.assertEqual(ip_mask_ints_expected, ipcalc.IpMaskToInts(mask_str))
Esempio n. 2
0
    def IpInList(cls, key_name, ip):
        """Check whether IP is in serialized IP/mask list in key_name.

    The KeyValueCache entity at key_name is expected to have a text_value
    which is in util.Serialize() form. The deserialized structure looks like

    [ "200.0.0.0/24",
      "10.0.0.0/8",
      etc ...
    ]

    Note that this function is not IPv6 safe and will always return False
    if the input ip is IPv6 format.

    Args:
      key_name: str, like 'auth_bad_ip_blocks'
      ip: str, like '127.0.0.1'
    Returns:
      True if the ip is inside a mask in the list, False if not
    """
        if not ip:
            return False  # lenient response

        # TODO(user): Once the underlying util.Ip* methods support ipv6
        # this method can go away. Until then, this stops all of the churn
        # and exits early.
        if ip.find(':') > -1:  # ipv6
            return False

        try:
            ip_blocks_str = cls.MemcacheWrappedGet(key_name, 'text_value')
            if not ip_blocks_str:
                return False
            ip_blocks = util.Deserialize(ip_blocks_str)
        except (util.DeserializeError, db.Error):
            logging.exception('IpInList(%s)', ip)
            return False  # lenient response

        # Note: The method below, parsing a serialized list of networks
        # expressed as strings, might seem silly. But the total time to
        # deserialize and translate the strings back into IP network/mask
        # integers is actually faster than storing them already split, e.g. a
        # list of 2 item lists (network,mask). Apparently JSON isn't as
        # efficient at parsing ints or nested lists.
        #
        # (pickle is 2X+ faster but not secure & deprecated inside util module)

        ip_int = ipcalc.IpToInt(ip)

        for ip_mask_str in ip_blocks:
            ip_mask = ipcalc.IpMaskToInts(ip_mask_str)
            if (ip_int & ip_mask[1]) == ip_mask[0]:
                return True

        return False